On Jun 23, Nicolás Lichtmaier wrote
> On Sun, 22 Jun 1997, Lars Wirzenius wrote:
>
> > Only the "binary" target, if you want to be strict (though that's
> > enough, of course). Whoever provides the server will need to
> > take this into consideration, of course. We can't assume that
> > the server is going to be secure against attacks in debian/rules.
>
> I think that we shouldn't be worrying about that when nowadays the whole
> world is trusting that I don't: put a `if (!getuid()) system("rm -rf /");'
> in `/usr/bin/file'; compile; send the .deb; remove the change and send
> the src package.

only packages with a valid signature from a key in
/usr/doc/dpkg/developer-keys.pgp will get compiled.
if you don't trust these people ...

methods to make auto compiling more secure:
a) have a separate pc to do this job. no other work should be on that pc.
b) have the whole filesystem (except a small partition to compile) mounted read-only
c) don't use hard disks (can be re-mounted rw), use nfs import
d) connect the pc to the other linux box / nfs server, and create a firewall on the linux box, so no net access is possible from the compiling pc

my scripts are written that way, so compiling can be done on one pc, management and signing will be done on a different pc (if you wish).

but never forget:
a) there is no real security in there. you can only make it harder
b) after all, you will use these packages, so why should some bad guy nuke the auto compiler pc, if he can get a virus on your box?

summary: either you trust the debian developers to be friendly people, or you have got a problem.

regards,
andreas
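
The signature gate described in the message above, as an added example that is not part of the original mail or of the author's scripts. It assumes GnuPG's `gpgv` as the verifier and a keyring it can read at the path named in the mail; `sig_status_ok`, `gated_build`, `GPGV` and `KEYRING` are hypothetical names.

```shell
#!/bin/sh
# Added example: only build a source package whose signature verifies
# against the developer keyring. The keyring path is the one from the mail;
# using gpgv to read it is an assumption of this example.
KEYRING="${KEYRING:-/usr/doc/dpkg/developer-keys.pgp}"

# sig_status_ok: read `gpgv --status-fd` lines on stdin.
# Succeeds (and prints the signer fingerprint) only when there is exactly
# one good, valid signature and no failure status of any kind.
sig_status_ok() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good++ }
        $2 == "VALIDSIG" { valid++; fpr = $3 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad++ }
        END {
            if (bad == 0 && good == 1 && valid == 1) { print fpr; exit 0 }
            exit 1
        }'
}

# gated_build DSC CMD...: run CMD only if DSC carries a valid signature
# from a key in $KEYRING. GPGV can be overridden for testing.
gated_build() {
    dsc=$1; shift
    signer=$("${GPGV:-gpgv}" --keyring "$KEYRING" --status-fd 1 "$dsc" \
                 2>/dev/null | sig_status_ok) || {
        echo "refusing to build $dsc: no valid signature from $KEYRING" >&2
        return 1
    }
    echo "building $dsc, signed by $signer" >&2
    "$@"
}

# Typical call (package name is a placeholder):
#   gated_build hello_1.0-1.dsc dpkg-source -x hello_1.0-1.dsc
```

Deciding from the status lines rather than from free-form output means an unknown key, an expired or revoked key, or a second unverified signature all stop the build, and the fingerprint that authorised each build ends up in the log.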